How The Hackers Took Google, A Theory: Manipulation, Geopolitics, and Cyber Espionage

How The Hackers Took Google: A Theory

From The Atlantic by Marc Ambinder

AUSTIN, TX — Fred Chang has a theory about how hackers affiliated with the Chinese government hacked into Google and at least two dozen other major American companies. Chang is a professor of computer science at the University of Texas — so we should listen to him. But he is also the former director of research for the National Security Agency, so he has a pretty good idea of what hackers can do — and whether these things can be picked up by the government or industry.

Chang says he has no inside or special knowledge, but here is his theory: the hack was much more of a sophisticated intelligence operation than many believed. The first step was espionage and data collection.

The second step was the hack itself. Chang believes that the Chinese hackers figured out the identities of the system administrators for various computer networks. Then, the hackers figured out, using publicly available Facebook data, the social networks that these systems administrators were part of.
Then, masquerading as these friends, they sent e-mails to the targets with compromised links. E-mails from a trusted source? Ah, but they were spoofed, using a vulnerability in an outdated version of Internet Explorer.

Unbeknownst to the system administrator, once they clicked on the link, the malware deposited an SSL — a secure sockets layer — essentially an encrypted tunnel — between the host computer and a computer controlled by the hackers. From that point, searching around for passwords and proprietary information was easy.

“This is a huge event in the history of cybersecurity,” Chang said, “We’ll be talking about this one 30 years from now.”
Google suspects that at least a half dozen of its employees were complicit — or turned by the hackers — at some point in the process. And, as The Washington Post reported, it has partnered with the National Security Agency to figure out once and for all, from start to finish, how its systems were hacked.
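The attack chain Chang describes, impersonating a trusted contact and delivering a link, leaves mechanical traces at the mail gateway before the browser exploit ever runs. As an added example, not code from the Atlantic article, from Chang or from Google, the Python script below triages one message on those indicators: a display name that matches a known contact while the address does not, an envelope sender (Return-Path) domain that differs from the From domain, SPF/DKIM failures recorded by the receiving server, anchor text that shows one host while the href points at another, and links to bare IP addresses. The contact list and both sample messages are constructed for the example.

```python
"""Triage for the spear-phishing pattern described above: a message that
appears to come from a known colleague or friend but arrives from elsewhere
and carries a link that does not go where its text says.  Added example;
the contact list and both messages below are constructed, not real captures."""

import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed: display name (lower-cased) -> the address that person really uses.
KNOWN_CONTACTS = {"alice example": "alice@example.org"}

ANCHOR_RE = re.compile(r'<a\b[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r'https?://[^\s<>"\']+', re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _host(url):
    return (urlparse(url).hostname or "").lower()


def header_findings(msg):
    """Sender impersonation checks: display name vs. address, envelope vs.
    header domain, and SPF/DKIM results recorded by the receiving MTA."""
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(f"display name '{name}' is a known contact but address is {addr}, not {expected}")
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    if return_path and _domain(return_path) != _domain(addr):
        findings.append(f"Return-Path domain {_domain(return_path)} differs from From domain {_domain(addr)}")
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", [])).lower()
    if any(tok in auth for tok in ("spf=fail", "spf=softfail", "dkim=fail")):
        findings.append("SPF/DKIM failure recorded in Authentication-Results")
    return findings


def link_findings(body):
    """Link checks: anchor text that shows one host while the href points at
    another, and links to bare IP addresses."""
    findings = []
    for href, text in ANCHOR_RE.findall(body):
        shown = URL_RE.search(re.sub(r"<[^>]+>", "", text))
        if shown and _host(shown.group()) != _host(href):
            findings.append(f"link text shows {_host(shown.group())} but href goes to {_host(href)}")
    for url in URL_RE.findall(body):
        if IPV4_RE.match(_host(url)):
            findings.append(f"link to bare IP address {_host(url)}")
    return findings


def score_message(raw):
    """Return the findings for one RFC 5322 message plus a verdict."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = header_findings(msg)
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            findings += link_findings(part.get_content())
    # Two independent indicators is enough to pull the message for review.
    verdict = "suspicious" if len(findings) >= 2 else "ok"
    return {"findings": findings, "verdict": verdict}


# Constructed sample: a "friend" mail with a lookalike sender and a disguised link.
SPEAR_PHISH = """\
Return-Path: <bounce@mail-relay.example.net>
From: Alice Example <alice.example@freemail.example.com>
To: admin@example.org
Subject: photos from the weekend
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-relay.example.net
Content-Type: text/html; charset=utf-8

<html><body>Remember this? <a href="http://203.0.113.7/gallery">http://photos.example.org/alice</a></body></html>
"""

# Constructed sample: the same contact writing from her real address.
LEGIT = """\
Return-Path: <alice@example.org>
From: Alice Example <alice@example.org>
To: admin@example.org
Subject: lunch
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass
Content-Type: text/plain; charset=utf-8

See you at noon: https://wiki.example.org/lunch
"""

if __name__ == "__main__":
    for label, raw in (("spear-phish", SPEAR_PHISH), ("legit", LEGIT)):
        result = score_message(raw)
        print(label, result["verdict"])
        for finding in result["findings"]:
            print("  -", finding)
```

The constructed phish trips all five checks; the legitimate mail trips none. The caveat a practitioner will want stated: if the attacker sends from a friend's genuinely compromised account, every header check passes, and only the link checks (and, ultimately, the patch level of the browser that opens the link) stand between the administrator and the tunnel Chang describes.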

Once again, I point to my earlier post arguing that this is more of an espionage operation than anything else. Where it is new is in the amount of concurrent effort the Chinese and other malefactors put into carrying it out.

The way I see it is this:

1) The US has been asleep at the information security wheel for too long. Even now we are having trouble gaining traction, with turf battles and new cyber tsars.

3) Once they are in, they are hard to pry out of the networks if discovered, and they will simply move on to the next compromisable person or system to retain their foothold.

4) Since the US has become a nation that creates more IP than it actually implements or manufactures, it is easier for other nation states to embed technologies (aka back doors) into what they sell to us and use them in tandem with other attacks. These have been found within military programs specifically in the last year or so.

5) All of this activity could be a prelude to real attacks on our infrastructure in the future, should the traps not be found. Back doors into systems and/or malware that could cause outages, say in our electrical grid, could have long-term and devastating effects on our ability to respond to an attack, never mind the overall mass chaos and financial devastation that would ensue from a DoS of the electrical systems.

6) Geopolitically, these moves could be used to control and temper US policies against interested nations. Leverage such as “we can shut you down or make your systems fail intermittently” could be enough to have Washington scurrying on issues such as the handling of Iran, or, more to the point, the Middle East and energy matters. I am sure there are a slew of opportunities for nation states to use such leverage to their advantage, and the US would not want to admit that it has been widely compromised. Think about the FUD that would ensue, much like the theater after the Google announcements.

What I am saying overall is that, with networked and delicate systems now touching everything in our daily lives, we have become an easy target. Knock down systems and people will freak; add to that the fact that if you kill a large transformer here, we are down for the count until China supplies us with another one, which will take two years to get…

See the point?

This is a watershed event in the grander scheme of things, for all of the reasons above. It seems to be something that is not getting through to the masses out there watching Katie Couric every evening. The cyberwar has begun, quietly and in earnest. These events tell us how far behind the curve we are, and that we should be a little scared at how inept our country has been at protecting its computer infrastructure.

All of these efforts are a means to control: control outcomes, manipulate countries' agendas as well as corporate ones. The final control would be to remove the power to act altogether.